CN109918917A - Method, computer equipment and the storage medium for preventing H5 source code from leaking - Google Patents
Method, computer equipment and the storage medium for preventing H5 source code from leaking Download PDFInfo
- Publication number
- CN109918917A CN109918917A CN201910206140.7A CN201910206140A CN109918917A CN 109918917 A CN109918917 A CN 109918917A CN 201910206140 A CN201910206140 A CN 201910206140A CN 109918917 A CN109918917 A CN 109918917A
- Authority
- CN
- China
- Prior art keywords
- source code
- function
- code
- encrypted
- character string
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Abstract
The invention discloses a kind of method, computer equipment and storage mediums for preventing H5 source code from leaking, which comprises initialization template object defines an overall situation function, and a global object is returned in overall situation function;Morphological analysis and syntactic analysis are carried out to source code, and function, character string, expression formula and the constant in source code are encrypted;Encrypted source code is subjected to shell adding encryption, and generates a decryption function;Decryption function decrypts shell adding code, decrypt encrypted code, load decryption object simultaneously executes encrypted code, decryption object dynamic is decrypted as clear-text passwords, and execute clear-text passwords, encrypted code structure is complicated, and pass through randomization global object's title and control stream randomization, encryption can all have different encryption files every time, it is a kind of polymorphic form, and template object dynamic is decrypted when passing through operation, it solves the problems, such as to be easy to be found in decryption code key insertion source code, increase anti-debug technology under special environment simultaneously and domain name binding technology is added by template, effectively protect H5 source code.
Description
Technical field
The present invention relates to field of computer technology, more particularly to the method, the computer equipment that prevent H5 source code from leaking
And storage medium.
Background technique
Web apply with mobile terminal h5 application in, since JavaScript resolver is directly to JavaScript source code solution
Analysis, causes web terminal and mobile terminal JavaScript code to show in the form of source code, program source code leakage, core business logic
Exposure, gives program tape very big security risk, source code is stolen, and causes developer that the knowledge of oneself can not be effectively protected
Property right is not abused.In order to protect software kernels function, program safety and intellectual property, a kind of guard technology is needed, H5 is prevented
Source code leakage.
Although having some H5 compressions, obfuscation in the market, solution is also to the letter in JavaScript source code
Several, variable name is converted, it is made to be difficult to read on keyword, but the API Calls of source code logic and object properties are but
It is apparent.Again for example, AES, DES scheduling algorithm are carried out to JavaScript code to encrypt it, decryption code key is embedded in source
Code in, as long as but attacker finds decryption code key, also the JavaScript source code of encryption can be obtained into original by code key easily
The code of beginning.
Therefore, the existing technology needs to be improved and developed.
Summary of the invention
Based on this, it is necessary in view of the above technical problems, provide it is a kind of prevent H5 source code leak method, computer equipment
And storage medium, to solve to hold very much in the exposure of source code logic, the exposure of object properties API Calls and decryption code key insertion source code
The problem of being easily found, effectively protects H5 source code.
A method of prevent H5 source code from leaking, the method includes the steps:
A, template object is initialized, defines an overall situation function, and return to a global object in the overall situation function;
B, morphological analysis and syntactic analysis are carried out to source code, and function, character string, expression formula and the constant in source code is added
Close processing;
C, encrypted source code is subjected to shell adding encryption, and generates a decryption function;
D, decryption function decrypts shell adding code, decrypts encrypted code, load decryption object simultaneously executes encrypted code, by decryption pair
Decrypting as dynamic is clear-text passwords, and executes clear-text passwords.
Wherein, the step A further include:
A1, by the title randomization of the global object and special identifier, and the title of the global object encrypted every time is not
It is same and unique;
Wherein, Key value is randomized when having a variety of Key-Value forms in the global object, and initializing every time, and
Key value is unique;
The type of the Value includes: character string interaction template, expression formula interaction template, multiple constants and multiple discriminant functions.
Wherein, the character string interaction template interacts function with a character string including two character strings interaction functions;
Wherein, in described two character string interaction functions, one of function is that function control is flowed in flattening in decoding source code
The value of case in switch structure, another function are all character strings in decoding source code;In one character string interaction letter
In number, which is decoded pre-set domain name coded string.
Wherein, the step C is specifically included:
C1, encrypted source code is carried out to space and goes annotation process, and encrypted source code is subjected to accidental enciphering;
C2, encrypted character string group array, the position of replacement, the necessary variable of decryption function and decryption functional dependence are generated
Necessary Rule of judgment;
C3, a decryption function is generated, and using the result of the source code of processing as the parameter of decryption function.
Wherein, the step C further include:
C4, by one section of anti-debug code of coding it is encrypted characters string, this section of anti-debug code is embedded into decryption function, when
When code executes, then this section of anti-debug code is gone to, and executed with eval function.
Wherein, include: when being encrypted in the step B to the function in source code
If being inserted into inside function to calculate the code of time difference, when the time that two sections of codes execute being greater than some numerical value,
Program will enter in an Infinite Cyclic code;
If being inserted into the template code judged with domain name inside function, obtain with return value, and passes through its true and false property determining program
Whether execute;
If to function body Structural Transformation being the control stream flattening of switch structure, function body sentence it is order random-ising, and insert
Enter some non-executable codes, code that is executable but not influencing its result, complicates control flow, automatically generate switch language
The case value of sentence, which is put into array, and the array is encrypted, is processed into unreadable character string.
Wherein, include: when being encrypted in the step B to the expression formula in source code
It extracts in JavaScript and intersperses expression formula, all expression formulas of interspersing are replaced with into square brackets expression formula, it will be right
The attribute of elephant calls the form for being converted to character string;
The expression solution in source code is extracted, expression formula is converted into expression formula interaction template function call or discriminant function
The form of calling, the lvalue and r value that participate in expression formula are the parameter of function.
Wherein, include: when being encrypted in the step B to the character string in source code
The character string in JavaScript is extracted, all text string extractings are come out, and these character strings are put into array, and
The array is encrypted, unreadable character string is processed into;
Include: when being encrypted in the step B to the constant in source code
The constant in source code is extracted, all constants are entered and left and replace with template into template object, and by original constant
The form of object accesses attribute.
A kind of computer equipment, including memory and processor, the memory are stored with computer program, the processing
Device realizes the step of above-mentioned method when executing the computer program.
A kind of computer readable storage medium, is stored thereon with computer program, and the computer program is held by processor
The step of above-mentioned method is realized when row.
A kind of method, computer equipment and storage medium for preventing H5 source code from leaking, has the advantages that
(1) by randomization global object's title and control stream randomization, it is one that encryption, which can all have different encryption files, every time
Kind polymorphic form;
(2) template object dynamic is decrypted when passing through operation, solves the problems, such as to be easy to be found in decryption code key insertion source code;
(3) all constants, character string, expression formula are hidden completely, and core logic and core code are all protected, and hide attribute
API Calls, encrypted code structure is complicated, and code can not almost be read;
(4) domain name protection, anti-debug protection are carried out under particular surroundings (browser).
Detailed description of the invention
Fig. 1 is a kind of flow diagram for the method for preventing H5 source code from leaking in one embodiment.
Fig. 2 is a kind of encryption principle schematic diagram for the method for preventing H5 source code from leaking in one embodiment.
Fig. 3 is a kind of schematic illustration of the code shell adding for the method for preventing H5 source code from leaking in one embodiment.
Fig. 4 is a kind of flow diagram that the encrypted code for the method for preventing H5 source code from leaking executes in one embodiment.
Fig. 5 is the internal structure chart of computer equipment in one embodiment.
Specific embodiment
To make the objectives, technical solutions, and advantages of the present invention clearer and more explicit, right as follows in conjunction with drawings and embodiments
The present invention is further described.It should be appreciated that the specific embodiments described herein are merely illustrative of the present invention, and do not have to
It is of the invention in limiting.
A kind of method for preventing H5 source code from leaking provided by the present application, can be applied in terminal.Wherein, terminal can with but
It is not limited to various personal computers, laptop, mobile phone, tablet computer, vehicle-mounted computer and portable wearable device.This
The terminal of invention uses multi-core processor.Wherein, the processor of terminal can be central processing unit (Central Processing
Unit, CPU), graphics processor (Graphics Processing Unit, GPU), video processing unit (Video
At least one of Processing Unit, VPU) etc..
In one embodiment, as shown in Figure 1, providing a kind of flow diagram of method for preventing H5 source code from leaking,
It is applied to be illustrated for above-mentioned terminal in this way, comprising the following steps:
S100, initialization template object, define an overall situation function, and a global object is returned in the overall situation function;
Specifically, template object is initialized, an overall situation function is defined, a global object is returned in this overall situation function,
And global object's title is randomized, special identifier, will not generate conflict with the function name in source code, variable name, while using slow
Technology is deposited, the global object's title encrypted every time is different and unique, there are many Key-Value forms in this object, and
And initialization Key value randomization every time, Key value is unique, and Value is broadly divided into following several types:
(1) Value is two character string interactions function (character string interaction template), and one of function is function in decoding source code
The value of case in switch structure in flattening is flowed in control, another function is all character strings in decoding source code.Two words
An object is returned in symbol string interaction function, includes the form of a Key-Value in this object, Value is then a letter
Number, the main function of this function is: transcoding character string, xor operation, splicing character string, cutting character string simultaneously finally obtain one
A array for having character string is obtained character string from array and is returned by the subscript inside each function parameter, this function
It is present in global object, main function is dynamically to decode character by character string stencil function when program operation
String.
(2) Value is multiple expression formula functions (expression formula interaction template), and expression formula function calculates the value being passed into,
And directly return the result, wherein expression formula function includes: addition function, SUbtractive function, multiplication function, division function, is equal to letter
Number, not equal to function, greater than function, less than function and function is negated, main function is to hide the expression formula in source code,
And be converted to the form of function call.
(3) Value is multiple types of a constant, and Value value is to extract all constants in source code, and value is unique, reduces in source code
The number that constant occurs, main function are the constants hidden in source code.
(4) Value is multiple discriminant functions, and the main body of this function is a three mesh operations, and function returns to three mesh operations
As a result, three mesh operations the result is that call another function in the object, and in addition the parameter of this function is transmitted to
In one function, main function is the service logic for complicating this global object.
(5) Value is character string interaction function (character string interaction template), this function will mainly be preset
Domain name coded string be decoded, then in the domain name (web browser of website where the dynamic acquisition current browser page
Under environment), the domain name encoded in advance is decoded, the value for returning to a bool type, main function are then compared
It is that the dynamic domain name that obtains carries out domain name judgement.
S200, morphological analysis and syntactic analysis are carried out to source code, and by the function in source code, character string, expression formula and often
Number is encrypted;
Wherein, in particular circumstances (in web browser environment) by carrying out morphological analysis, grammer point to JavaScript source code
The function in JavaScript is extracted in analysis, the code of a calculating time difference is inserted into inside certain functions, when two sections of codes are held
The capable time is greater than some numerical value, and program will enter in an Infinite Cyclic code, and code, which is effectively protected, to be prevented from being debugged.
Wherein, by carrying out morphological analysis, syntactic analysis to JavaScript source code, the letter in JavaScript is extracted
Number is inserted into the template code (being limited in browser) of domain name judgement inside certain functions, obtains a return value, leads to
It crosses and judges whether its true and false property confirmation program continues to execute, do not execute then one random number of current function auto-returned, effectively
Code is protected not usurped by illegal website.
Wherein, by carrying out morphological analysis, syntactic analysis to JavaScript source code, the letter in JavaScript is extracted
Number, to function body Structural Transformation be switch structure control stream flattening, function body sentence it is order random-ising, be inserted into simultaneously
Some codes that cannot be executed code, can execute but not influence its result, complicate control flow, automatically generate
The case value of switch sentence, these values is put into array, and this array is encrypted, and is processed into unreadable character
String, applies character string interaction template and (this encrypted character string is put into character string interaction template function, is used simultaneously
The character string interaction template function or discriminant function of template object do equivalence replacement to the case value in switch structure, and
And the corresponding subscript in array of each character string is recorded, using this subscript as the parameter of stencil function and discriminant function), with
Reach and obscures source code logic and purpose is hidden to the case value of switch.
Wherein, by carrying out morphological analysis, syntactic analysis to JavaScript source code, interspersing in JavaScript is extracted
All expression formulas of interspersing are replaced with square brackets expression formula by expression formula, and the attribute calling of object is thus converted to character
The form of string is hidden with the character string for reaching extraction.
Wherein, by carrying out morphological analysis, syntactic analysis to JavaScript source code, the character in JavaScript is extracted
String, all text string extractings are come out, these character strings are put into array, and this array is encrypted, are processed into not
Readable character string, apply character string interaction template (this encrypted character string is put into character string interaction template function,
The character string interaction template function or discriminant function for using template object simultaneously, do the case value in switch structure equivalent
Replacement, and record the corresponding subscript in array of each character string, using this subscript as stencil function and discriminant function
Parameter), purpose is gone here and there to reach to hide character.
Wherein, by carrying out morphological analysis, syntactic analysis to JavaScript source code, the expression formula fortune in source code is extracted
It calculates, applies expression formula interaction template and (expression formula is converted to what expression formula interaction template function call or discriminant function called
Form, participate in expression formula lvalue and r value be function parameter) main purpose be hide source code in expression formula.
Wherein, by carrying out morphological analysis, syntactic analysis to JavaScript source code, the constant in extraction source code will
All constant enters and leaves into template object, and original constant is replaced with to the form of template object access attribute, to reach point
From constant in source code, the purpose of constant is hidden.
S300, encrypted source code is carried out to shell adding encryption, and generates a decryption function;
Specifically include step:
S310, encrypted source code is carried out to space and goes annotation process, and encrypted source code is carried out at accidental enciphering
Reason, the mode of the accidental enciphering processing, which specifically includes, to be encoded source code, is converted, being cut and replacement processing;
S320, encrypted character string group array, the position of replacement, the necessary variable of decryption function and decryption functional dependence are generated
Necessary Rule of judgment;
S330, a decryption function is generated, and using the result of the source code of processing as the parameter of decryption function;
S340, by one section of anti-debug code of coding it is encrypted characters string, this section of anti-debug code is embedded into decryption function,
When code executes, then this section of anti-debug code is gone to, and executed with eval function.
It specifically, is encrypted characters string by one section of anti-debug code of coding in web browser environment, this section is anti-
Debugging code is embedded into decryption function, when code executes, can go to this section of anti-debug code, and with eval function
It executes, wherein eval function can only view current anti-debug code, anti-debug when executing code inside debugging
Code periphery code can not be checked, code is effectively protected and is not debugged and checks.
S400, decryption function decrypt shell adding code, decrypt encrypted code, and load decryption object simultaneously executes encrypted code,
Decryption object dynamic is decrypted as clear-text passwords, and executes clear-text passwords.
The present invention executes logic by changing code, hides that API Calls, the string that hides character by template, to pass through template hidden
Constant is hidden, expression formula is hidden by template and changes source code and is shown, is protected core logic and core code all,
Encrypted code structure is complicated, and code can not almost be read, and by randomization global object's title and controls stream randomization,
Encryption can all have different encryption files every time, be a kind of polymorphic form, and template object dynamic is decrypted when passing through operation, solve solution
Be easy to the problem of being found in close code key insertion source code, at the same under special environment (browser end) increase anti-debug technology and
Domain name binding technology is added by template, effectively protects H5 source code.
It should be understood that although each step in the flow chart of Fig. 1 is successively shown according to the instruction of arrow, this
A little steps are not that the inevitable sequence according to arrow instruction successively executes.Unless expressly state otherwise herein, these steps
It executes there is no the limitation of stringent sequence, these steps can execute in other order.Moreover, at least part in Fig. 1
Step may include that perhaps these sub-steps of multiple stages or stage are executed in synchronization to multiple sub-steps
It completes, but can execute at different times, the execution sequence in these sub-steps or stage, which is also not necessarily, successively to be carried out,
But it can be executed in turn or alternately at least part of the sub-step or stage of other steps or other steps.
In one embodiment, to more fully understand the application, prevent H5 source code from leaking the present invention also provides a kind of
The encryption principle schematic diagram of method, as shown in Fig. 2, by carrying out morphological analysis, syntactic analysis to JavaScript source code, thereafter
Function, character string, constant and expression formula in JavaScript source code is encrypted, wherein in web browser environment
In, by extracting the function in JavaScript, it is inserted into the template code of domain name judgement inside certain functions, obtains one
A return value, judges whether its true and false property, program continue to execute, and does not execute one random number of current function auto-returned, effectively
Protect code not usurped by illegal website;In JavaScript language environment, by making the letter in JavaScript source code
Number, character string, constant and expression formula control levelling are smooth, and ambiguity function name variable name encrypts character string, carries out to constant
Replacement, operator carry out equivalence replacement, and to carry out code compaction (go to space, go to annotate) after, by source code accidental enciphering (compile
Code converts, and cuts, replacement) processing, generate encrypted character string group array, the position of replacement, the necessary variable of decryption function
With decryption functional dependence necessary Rule of judgment, and generate a decryption function, and using the result of the source code of processing as decrypt letter
Several parameters carries out a shell adding processing to encrypted source code by the way that encrypted source code is carried out accidental enciphering again, from
And obtain encrypted code.
Wherein, in web browser environment, it is encrypted characters string by one section of anti-debug code of coding, this section is demodulated
Examination code is embedded into decryption function, when code executes, can go to this section of anti-debug code, and held with eval function
Row.Eval function can only view current anti-debug code, anti-debug code periphery when executing code inside debugging
Code can not be checked, code is effectively protected and is not debugged and checks.
In one embodiment, to more fully understand the application, prevent H5 source code from leaking the present invention also provides a kind of
The schematic illustration of method code shell adding, as shown in figure 3, after carrying out space by code, remove annotation, then by source code accidental enciphering
(coding converts, and cuts, replacement) processing generates thereafter encrypted word for example, the code of non-shell adding is carried out shell adding processing
String group array, the position of replacement, the necessary variable of decryption function and the necessary Rule of judgment for decrypting functional dependence are accorded with, and generates one
Decryption function, and using the result of the source code of processing as the parameter of decryption function, it is random by carrying out encrypted source code again
Encryption, that is, adding one layer of shell program in machine code, again on the basis of code replaces program to obtain executable program, wherein
Program is not normally functioning when going to anti-debug code under web browser environment.
In one of the embodiments, as shown in figure 4, providing a kind of encrypted code of method for preventing H5 source code from leaking
The flow diagram of execution, comprising the following steps:
S01, beginning;
S02, encrypted code is executed;
S03, decryption function is executed, and decrypts encrypted source code;Wherein, the necessary variable of decryption function and decryption functional dependence
Necessary Rule of judgment execute decryption function, specifically, the position that source code is replaced is found by subscript, and pass through necessary ginseng
Number is restored.
S04, load decryption object simultaneously go to decrypted code;
S05, decryption object dynamic is decrypted as plaintext code;
S06, judge whether to go to normal code;If so, S07 is thened follow the steps, it is no to then follow the steps S08.
S07, normal program operation;
S08, judge whether to go to anti-debug code;If so, S11 is thened follow the steps, it is no to then follow the steps S09.
Wherein, under web browser environment, by being inserted into the code of a calculating time difference inside certain functions, when
The time that two sections of codes execute is greater than some numerical value, and program will enter in an Infinite Cyclic code, i.e. execution step S11;
It is encrypted characters string by one section of anti-debug code of coding, this section of anti-debug code is embedded into decryption function, when code is held
When row, this section of anti-debug code can be gone to, i.e. execution step S11.
S09, domain name inspection code is gone to;
S10, judge whether domain name is consistent;If so, S11 is thened follow the steps, it is no to then follow the steps S12.
S11, program are operating abnormally;
S12, end.
In one embodiment, a kind of computer equipment is provided, which can be terminal, internal structure
Figure can be as shown in Figure 5.The computer equipment includes processor, the memory, network interface, display connected by system bus
Screen and input unit.Wherein, the processor of the computer equipment is for providing calculating and control ability.The computer equipment is deposited
Reservoir includes non-volatile memory medium, built-in storage.The non-volatile memory medium is stored with operating system and computer journey
Sequence.The built-in storage provides environment for the operation of operating system and computer program in non-volatile memory medium.The calculating
The network interface of machine equipment is used to communicate with external terminal by network connection.When the computer program is executed by processor with
Realize a kind of method for preventing H5 source code from leaking.The display screen of the computer equipment can be liquid crystal display or electric ink
Display screen, the input unit of the computer equipment can be the touch layer covered on display screen, be also possible to outside computer equipment
Key, trace ball or the Trackpad being arranged on shell can also be external keyboard, Trackpad or mouse etc..
It will be understood by those skilled in the art that structure shown in Fig. 5, only part relevant to application scheme is tied
The block diagram of structure does not constitute the restriction for the computer equipment being applied thereon to application scheme, specific computer equipment
It may include perhaps combining certain components or with different component layouts than more or fewer components as shown in the figure.
Those of ordinary skill in the art will appreciate that realizing all or part of the process in above-described embodiment method, being can be with
Relevant hardware is instructed to complete by computer program, the computer program can be stored in a non-volatile computer
In read/write memory medium, the computer program is when being executed, it may include such as the process of the embodiment of above-mentioned each method.Wherein,
To any reference of memory, storage, database or other media used in each embodiment provided herein,
Including non-volatile and/or volatile memory.Nonvolatile memory may include read-only memory (ROM), programming ROM
(PROM), electrically programmable ROM(EPROM), electrically erasable ROM(EEPROM) or flash memory.Volatile memory may include
Random-access memory (ram) or external cache.By way of illustration and not limitation, RAM is available in many forms,
Such as static state RAM(SRAM), dynamic ram (DRAM), synchronous dram (SDRAM), double data rate sdram (DDRSDRAM), enhancing
Type SDRAM(ESDRAM), synchronization link (Synchlink) DRAM(SLDRAM), memory bus (Rambus) direct RAM
(RDRAM), direct memory bus dynamic ram (DRDRAM) and memory bus dynamic ram (RDRAM) etc..
Each technical characteristic of above embodiments can be combined arbitrarily, for simplicity of description, not to above-described embodiment
In each technical characteristic it is all possible combination be all described, as long as however, the combination of these technical characteristics be not present lance
Shield all should be considered as described in this specification.
The several embodiments of the application above described embodiment only expresses, the description thereof is more specific and detailed, but simultaneously
It cannot therefore be construed as limiting the scope of the patent.It should be pointed out that coming for those of ordinary skill in the art
It says, without departing from the concept of this application, various modifications and improvements can be made, these belong to the protection of the application
Range.Therefore, the scope of protection shall be subject to the appended claims for the application patent.
Claims (10)
1. a kind of method for preventing H5 source code from leaking, which is characterized in that the method includes the steps:
A, template object is initialized, defines an overall situation function, and return to a global object in the overall situation function;
B, morphological analysis and syntactic analysis are carried out to source code, and function, character string, expression formula and the constant in source code is added
Close processing;
C, encrypted source code is subjected to shell adding encryption, and generates a decryption function;
D, decryption function decrypts shell adding code, decrypts encrypted code, load decryption object simultaneously executes encrypted code, by decryption pair
Decrypting as dynamic is clear-text passwords, and executes clear-text passwords.
2. the method according to claim 1 for preventing H5 source code from leaking, which is characterized in that the step A further include:
A1, by the title randomization of the global object and special identifier, and the title of the global object encrypted every time is not
It is same and unique;
Wherein, Key value is randomized when having a variety of Key-Value forms in the global object, and initializing every time, and
Key value is unique;
The type of the Value includes: character string interaction template, expression formula interaction template, multiple constants and multiple discriminant functions.
3. the method according to claim 2 for preventing H5 source code from leaking, which is characterized in that the character string interaction template
Function is interacted with a character string including two character string interaction functions;
Wherein, in described two character string interaction functions, one of function is that function control is flowed in flattening in decoding source code
The value of case in switch structure, another function are all character strings in decoding source code;In one character string interaction letter
In number, which is decoded pre-set domain name coded string.
4. the method according to claim 1 for preventing H5 source code from leaking, which is characterized in that the step C is specifically included:
C1, encrypted source code is carried out to space and goes annotation process, and encrypted source code is subjected to accidental enciphering;
C2, encrypted character string group array, the position of replacement, the necessary variable of decryption function and decryption functional dependence are generated
Necessary Rule of judgment;
C3, a decryption function is generated, and using the result of the source code of processing as the parameter of decryption function.
5. the method according to claim 1 for preventing H5 source code from leaking, which is characterized in that the step C further include:
C4, by one section of anti-debug code of coding it is encrypted characters string, this section of anti-debug code is embedded into decryption function, when
When code executes, then this section of anti-debug code is gone to, and executed with eval function.
6. the method according to claim 1 for preventing H5 source code from leaking, which is characterized in that source code in the step B
In function include: when being encrypted
If being inserted into inside function to calculate the code of time difference, when the time that two sections of codes execute being greater than some numerical value,
Program will enter in an Infinite Cyclic code;
If being inserted into the template code judged with domain name inside function, obtain with return value, and passes through its true and false property determining program
Whether execute;
If to function body Structural Transformation being the control stream flattening of switch structure, function body sentence it is order random-ising, and insert
Enter some non-executable codes, code that is executable but not influencing its result, complicates control flow, automatically generate switch language
The case value of sentence, which is put into array, and the array is encrypted, is processed into unreadable character string.
7. the method according to claim 1 for preventing H5 source code from leaking, which is characterized in that source code in the step B
In expression formula include: when being encrypted
It extracts in JavaScript and intersperses expression formula, all expression formulas of interspersing are replaced with into square brackets expression formula, it will be right
The attribute of elephant calls the form for being converted to character string;
The expression solution in source code is extracted, expression formula is converted into expression formula interaction template function call or discriminant function
The form of calling, the lvalue and r value that participate in expression formula are the parameter of function.
8. the method according to claim 1 for preventing H5 source code from leaking, which is characterized in that source code in the step B
In character string include: when being encrypted
The character string in JavaScript is extracted, all text string extractings are come out, and these character strings are put into array, and
The array is encrypted, unreadable character string is processed into;
Include: when being encrypted in the step B to the constant in source code
The constant in source code is extracted, all constants are entered and left and replace with template into template object, and by original constant
The form of object accesses attribute.
9. a kind of computer equipment, including memory and processor, the memory are stored with computer program, feature exists
In the step of processor realizes any one of claims 1 to 8 the method when executing the computer program.
10. a kind of computer readable storage medium, is stored thereon with computer program, which is characterized in that the computer program
The step of any one of claims 1 to 8 the method is realized when being executed by processor.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201910206140.7A CN109918917B (en) | 2019-03-19 | 2019-03-19 | Method, computer device and storage medium for preventing leakage of H5 source code |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201910206140.7A CN109918917B (en) | 2019-03-19 | 2019-03-19 | Method, computer device and storage medium for preventing leakage of H5 source code |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN109918917A true CN109918917A (en) | 2019-06-21 |
| CN109918917B CN109918917B (en) | 2021-06-08 |
Family
ID=66965589
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201910206140.7A Active CN109918917B (en) | 2019-03-19 | 2019-03-19 | Method, computer device and storage medium for preventing leakage of H5 source code |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN109918917B (en) |
Cited By (9)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN110309631A (en) * | 2019-07-12 | 2019-10-08 | 北京智游网安科技有限公司 | A kind of programming language structure obscures processing method, intelligent terminal and storage medium |
| CN110377276A (en) * | 2019-07-19 | 2019-10-25 | 潍柴动力股份有限公司 | Source code file management method and equipment |
| CN110457869A (en) * | 2019-07-23 | 2019-11-15 | Oppo广东移动通信有限公司 | Program compiles encryption method, device, storage medium and electronic equipment |
| CN111159748A (en) * | 2019-12-31 | 2020-05-15 | 中国银行股份有限公司 | Front-end information encryption method and device |
| CN111367505A (en) * | 2020-03-02 | 2020-07-03 | 广州致远电子有限公司 | JavaScript source code secrecy method, device, equipment and storage medium |
| CN111797388A (en) * | 2020-06-12 | 2020-10-20 | 武汉大学 | JavaScript engine memory information leakage defense method and system based on runtime randomization |
| CN113642015A (en) * | 2021-08-02 | 2021-11-12 | 北京奇艺世纪科技有限公司 | File encryption method and device, electronic equipment and storage medium |
| CN113987471A (en) * | 2021-10-29 | 2022-01-28 | 山西大鲲智联科技有限公司 | Executable file execution method and device, electronic equipment and computer readable medium |
| CN115203652A (en) * | 2022-09-15 | 2022-10-18 | 中电信数智科技有限公司 | IOS (input/output system) end security encryption control method based on source confusion |
Citations (10)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103377326A (en) * | 2012-04-13 | 2013-10-30 | 腾讯科技(北京)有限公司 | Confusion encrypting method and device for dynamic webpage program codes |
| CN104166822A (en) * | 2013-05-20 | 2014-11-26 | 阿里巴巴集团控股有限公司 | Data protecting method and device |
| CN104462959A (en) * | 2014-12-04 | 2015-03-25 | 北京奇虎科技有限公司 | Reinforcement protection method, sever and system for android app |
| CN104504313A (en) * | 2014-12-31 | 2015-04-08 | 北京畅游天下网络技术有限公司 | Confidential treatment method and device for code |
| US20150113279A1 (en) * | 2011-04-19 | 2015-04-23 | Invenia As | Method for secure storing and sharing of a data file via a computer communication network and open cloud services |
| US9112699B1 (en) * | 2012-12-19 | 2015-08-18 | Verifyle, Inc. | System, processing device, computer program and method, to tranparently encrypt and store data objects such that owners of the data object and permitted viewers are able to view decrypted data objects after entering user selected passwords |
| CN105095771A (en) * | 2014-05-08 | 2015-11-25 | 北京娜迦信息科技发展有限公司 | Method and apparatus for protecting shared target file |
| CN105205359A (en) * | 2015-10-12 | 2015-12-30 | 厦门飞信网络科技有限公司 | Method and device for protecting JavaScript codes |
| CN107480477A (en) * | 2017-07-21 | 2017-12-15 | 四川长虹电器股份有限公司 | Mobile terminal product copy-right protection method based on html5 technologies |
| CN107958158A (en) * | 2017-10-27 | 2018-04-24 | 国网辽宁省电力有限公司 | The dynamic data desensitization method and system of a kind of big data platform |
-
2019
- 2019-03-19 CN CN201910206140.7A patent/CN109918917B/en active Active
Patent Citations (10)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20150113279A1 (en) * | 2011-04-19 | 2015-04-23 | Invenia As | Method for secure storing and sharing of a data file via a computer communication network and open cloud services |
| CN103377326A (en) * | 2012-04-13 | 2013-10-30 | 腾讯科技(北京)有限公司 | Confusion encrypting method and device for dynamic webpage program codes |
| US9112699B1 (en) * | 2012-12-19 | 2015-08-18 | Verifyle, Inc. | System, processing device, computer program and method, to tranparently encrypt and store data objects such that owners of the data object and permitted viewers are able to view decrypted data objects after entering user selected passwords |
| CN104166822A (en) * | 2013-05-20 | 2014-11-26 | 阿里巴巴集团控股有限公司 | Data protecting method and device |
| CN105095771A (en) * | 2014-05-08 | 2015-11-25 | 北京娜迦信息科技发展有限公司 | Method and apparatus for protecting shared target file |
| CN104462959A (en) * | 2014-12-04 | 2015-03-25 | 北京奇虎科技有限公司 | Reinforcement protection method, sever and system for android app |
| CN104504313A (en) * | 2014-12-31 | 2015-04-08 | 北京畅游天下网络技术有限公司 | Confidential treatment method and device for code |
| CN105205359A (en) * | 2015-10-12 | 2015-12-30 | 厦门飞信网络科技有限公司 | Method and device for protecting JavaScript codes |
| CN107480477A (en) * | 2017-07-21 | 2017-12-15 | 四川长虹电器股份有限公司 | Mobile terminal product copy-right protection method based on html5 technologies |
| CN107958158A (en) * | 2017-10-27 | 2018-04-24 | 国网辽宁省电力有限公司 | The dynamic data desensitization method and system of a kind of big data platform |
Non-Patent Citations (1)
| Title |
|---|
| JSHAMAN.COM: "JShaman 技术原理", 《HTTP://WWW.JSHAMAN.COM/JSHAMAN产品说明书V2.PDF》 * |
Cited By (12)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN110309631A (en) * | 2019-07-12 | 2019-10-08 | 北京智游网安科技有限公司 | A kind of programming language structure obscures processing method, intelligent terminal and storage medium |
| CN110309631B (en) * | 2019-07-12 | 2021-04-06 | 北京智游网安科技有限公司 | Programming language structure confusion processing method, intelligent terminal and storage medium |
| CN110377276A (en) * | 2019-07-19 | 2019-10-25 | 潍柴动力股份有限公司 | Source code file management method and equipment |
| CN110377276B (en) * | 2019-07-19 | 2023-05-23 | 潍柴动力股份有限公司 | Source code file management method and device |
| CN110457869A (en) * | 2019-07-23 | 2019-11-15 | Oppo广东移动通信有限公司 | Program compiles encryption method, device, storage medium and electronic equipment |
| CN111159748A (en) * | 2019-12-31 | 2020-05-15 | 中国银行股份有限公司 | Front-end information encryption method and device |
| CN111367505A (en) * | 2020-03-02 | 2020-07-03 | 广州致远电子有限公司 | JavaScript source code secrecy method, device, equipment and storage medium |
| CN111797388A (en) * | 2020-06-12 | 2020-10-20 | 武汉大学 | JavaScript engine memory information leakage defense method and system based on runtime randomization |
| CN113642015A (en) * | 2021-08-02 | 2021-11-12 | 北京奇艺世纪科技有限公司 | File encryption method and device, electronic equipment and storage medium |
| CN113987471A (en) * | 2021-10-29 | 2022-01-28 | 山西大鲲智联科技有限公司 | Executable file execution method and device, electronic equipment and computer readable medium |
| CN115203652A (en) * | 2022-09-15 | 2022-10-18 | 中电信数智科技有限公司 | IOS (input/output system) end security encryption control method based on source confusion |
| CN115203652B (en) * | 2022-09-15 | 2022-12-13 | 中电信数智科技有限公司 | IOS end security encryption control method based on source confusion |
Also Published As
| Publication number | Publication date |
|---|---|
| CN109918917B (en) | 2021-06-08 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN109918917A (en) | Method, computer equipment and the storage medium for preventing H5 source code from leaking | |
| US9489354B1 (en) | Masking content while preserving layout of a webpage | |
| CN104680039B (en) | A kind of data guard method and device of application program installation kit | |
| CN102890758B (en) | Method and system for protecting executable file | |
| CN106203006A (en) | Android application reinforcement means based on dex Yu so file Dynamic Execution | |
| Kovacheva | Efficient code obfuscation for Android | |
| WO2015058620A1 (en) | Method and apparatus for generating installation package corresponding to an application and executing application | |
| CN106599629B (en) | Android application program reinforcing method and device | |
| KR101623096B1 (en) | Apparatus and method for managing apk file in a android platform | |
| CN106650327A (en) | so file dynamic recovery-based Android application reinforcement method | |
| CN109871704A (en) | Android resource file means of defence, equipment and storage medium based on Hook | |
| CN105095771A (en) | Method and apparatus for protecting shared target file | |
| JP2019533223A (en) | Information input method and apparatus | |
| CN108133147B (en) | Method and device for protecting executable code and readable storage medium | |
| US10867017B2 (en) | Apparatus and method of providing security and apparatus and method of executing security for common intermediate language | |
| CN106209346B (en) | White-box cryptography interleaving lookup table | |
| CN112115427A (en) | Code obfuscation method, device, electronic device and storage medium | |
| CN107133524A (en) | A kind of date storage method and device | |
| CN107871066B (en) | Code compiling method and device based on android system | |
| EP3574425B1 (en) | Method to secure a software code | |
| CN110516468B (en) | Method and device for encrypting memory snapshot of virtual machine | |
| EP2947590B1 (en) | Program code obfuscation based upon recently executed program code | |
| CN111291333A (en) | Java application program encryption method and device | |
| JP6215468B2 (en) | Program protector | |
| CN113360859B (en) | Python interpreter-based encrypted file security control method and device |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |